Business leaders care about how security risks can impact their revenue, customers, reputation, or operations. They care about outages, customer churn, regulatory fines, and competitive disadvantage, and not about which ransomware family is exploiting which kernel vulnerability. The disconnect here isn’t because those outside of security don’t care about details, but because many don’t see these details as relevant.
This is key right here. Translating security risks and benefits into business impact, whether positive or negative, is what speaks to the CEO, CFO and the board.
I usually say, "Cybersecurity does not happen in the implementation; it happens in the conversation". We need to understand that conversation is the unit of communication. If we create better conversations, we may have better cybersecurity. At the end is an environment of trust that we create, not cybersecurity.